Switching It Up: The Keys to a Secure, Reliable Ethernet Connection


June 9, 2021

By Allied Electronics & Automation

Allied’s “Ask The Expert” series taps into the experience and expertise of key thought leaders and subject matter experts from the more than 500 global suppliers we work closely with to bring customers solutions for their most challenging problems (and the daily ones, too).

We spoke with David Garcia, product manager at Moxa, who generously offered his vast experience and insight to help us better understand the myriad of considerations needed to create a secure, future-proof Ethernet network, as well as a few product recommendations from Moxa’s expansive catalogue of switches.

What are some of the most common causes for Ethernet connectivity issues today? Which elements of a network are susceptible to the most risk?

Anything with an IP address on an open network can be susceptible to unauthorized access. So, to minimize this, any good network design will include using managed network switches with enhanced security features, as well as using a layered approach between each connection to mitigate the potential for a breach. This concept known as defense-in-depth– which includes segmenting the network, creating secure tunnels for secure remote access by adding firewalls between each network segment– is a great way to filter out any unwanted traffic, create rules to tightly control communication, and essentially ensure that nothing outside the network is talking to the device that is not supposed to. Following defense-in-depth security measures is a great way to not only secure your network, but also enhance the performance, provide visibility and minimize downtime. Let’s be honest, the time for basic connectivity is long gone; it is no longer enough to simply plug your device to the network. Remote access, asset visibility, and access to data is driving the need for more security.

Then there’s the risk of the human element. As the network grows, you need a way of managing it. Let’s say you select the right switches with the right features, put the necessary firewalls between each segment, have a good VPN encryption for remote access, but what’s going to happen six months from now, or a year from now? How do you monitor if your policies are being followed, or that newly added devices are properly configured? Using tools like MxView, which is a piece of network monitoring software, is a great way provide centralized network management. This tool is very valuable because you can monitor and manage your entire OT network— or even multiple sites — from one place.

If you have remote network sites, or if you have large facilities that have hundreds or thousands of nodes to manage, this tool will save you countless troubleshooting hours, reduce downtime, and alert you to security events. Its biggest benefit, however, is that it lets you spot issues before they become problems.

How do Ethernet connectivity needs vary across different sectors and what considerations need to be made when selecting appropriate network equipment?

There are quite a few considerations when selecting the right network switch. Reliability is an extremely important consideration for our customers who cannot rely on enterprise-level equipment to work in extreme environments day in and day out. Also considerations are going to be drastically different between say, a traffic light and a safety system in an oil and gas processing plant. If a switch goes out at a traffic light, you can dispatch a truck and drive to the location, but in a refinery or substation, a switch might be surrounded by flammable vapors and gasses. Depending on the situation, safety can be a real concern. In that case you are going to need equipment that can reliably operate at all times despite the environment. Certain equipment pieces will be certified for these kinds of environments, and if you have a standard you need to meet such as Class C1D2 for explosive environments, you’re going have a requirement to show that the design complies with the standard.

The next thing to consider is future proofing your investment. You have to ask yourself questions like: Will this be good enough for a couple of years, or will you be needing to add more devices down the line? Do you foresee having to add a camera for security or process monitoring? Although this network is currently for an isolated remote system, will you one day need to connect to a SCADA system or control center that’s miles away? What about remote access to an isolated network — how secure is your access? I have never seen a network shrink; when the times comes to grow, you want to make sure the network has the ability, while being optimized and secure.

Finally, no one should select networking equipment without considering the level of support it has behind it. This is a huge thing! A lot of people that I talk to already have a switch that probably does what I’m able to provide from a feature set standpoint, but they may not have the proper support. There could be a lot of reasons for this — maybe they have to pay exorbitant contracts on a yearly basis, or maybe the people they talk to just don’t understand their unique situation — but regardless of the cause this can be incredibly frustrating. You should make sure you have good support that walks you through the situation at hand.

What are the some of the most common switch types, and what characteristics separate them from one another?

The most basic switch is called an unmanaged switch, which is essentially “plug and play” for connecting devices in your panel to the network. The pros are cost and ease-of-use — they are great for basic device connectivity. The cons are a lack of visibility, so troubleshooting network issues is almost impossible and very time consuming. Also, there is no redundancy, so if you lose your connection there is no backup. This is not good, if you are trying to reduce downtime.

At the next level, we have managed switches which need to be configured, but they do so much more than any unmanaged switch. Managed switches offer visibility, performance enhancement, data management, and security. Unfortunately, the biggest obstacle to adoption of managed switches for OT engineers is lack of expertise. They struggle with questions like what features they need, what price points should they look at, or if this is overkill for their needs.

Beyond these options, there are also modular switches, which are like back planes that have network and power modules that can slide in an out of a system. These are great for applications where you need flexibility and want to connect a lot of PoE or fiber. There are also rack mount switches. To select the best switch for any application, you must be clear about what you are trying to do.

Allied’s ongoing partnership with Moxa includes the creation of more than 1,000 industrial communications products including Ethernet switches, protocol converters, and routers. What has Allied brought the table in this partnership?

Allied helps us lot of ways, actually. When you are talking about reach and the customer base, Allied and its distribution network from a vendor standpoint, provides exposure and helps us find customers and markets who might benefit from the technologies we offer ranging from device connectivity solutions to computer management solutions. It’s a fantastic mutual relationship; Allied brings the experience that they have with their customers, and Moxa, through our information and support capabilities, brings the connectivity piece it needs to guide customers in their purchasing journey.

And what’s most exciting is that this partnership is still relatively young. We are both still growing and learning each other’s capabilities, but the potential of what we can accomplish together is incredible.

Some of the new products available through Allied include Moxa’s EDS-2000-EL Series of Ethernet switches. What makes this new line unique?

We’re really excited about these. One of my favorite offerings in this line is the EDS-2005-EL switch. It’s pocket size, no taller than a business card, which is perfect for somebody who has a very small panel like one you’d find at a kiosk in a terminal station. It’s going to increase your connectivity; it’s cost-effective; it has one of the smallest footprints of anything available in the market right now; and it even runs on very low power, which is perfect for locations that may run on solar or battery power. Plus, it’s super reliable and can handle harsh conditions no problem. If you are trying to save money, this option will be cheaper than most enterprise-level switches and still offer you all the connectivity you need for really small compact applications. And like all of Moxa’s products, it comes with our free five-year warranty that covers all RMA and replacement costs, as well as completely free technical support.

Are there any other new offerings Moxa is excited to introduce through Allied? What are some future developments in Moxa’s catalogue that we could look forward to?

There are! As an example, we have another new switch called the SDS-3008, which is an eight-port switch. It’s really slim, as well, but this switch is specifically tailored for industrial customers who don’t feel comfortable configuring a switch. It has a simple dashboard, so you don’t need to navigate any tabs. It also has industrial protocol support for Modbus, Ethernet/IP, and Profinet, which can be enabled with single click. IGMP snooping, which is necessary for multicast traffic, is built into that profile. That feature alone will solve most of your problems with communication over an unmanaged switch, if you are using Allen Bradley equipment.

We also made a 16-port version, as well, which features gigabit uplinks. This means that it has more throughput for fatter pipes to send more data back to the controller. For anyone who’s scared of managed switches, this and the eight-port version are in my opinion exactly what they should look at if they want to dip their toe into them.

Moxa is also continually offering more free resources for our customers through our website, especially resources related to cybersecurity and network protection. We have webinars, videos, ebooks, infographics, white papers, and much more to ensure we keep customers as educated as possible in this rapidly evolving world. One resource I like to recommend is a detailed checklist designed to walk customers through an analysis of their defense-in-depth security measures. I highly recommend checking it out!




Related Articles

Network Infrastructure Featured Product Spotlight

PBUS 14 Panduit logo 400

This webinar presented by Beth Lessard and Keith Cordero will be highlighting three Panduit solutions that will optimize network equipment and cabling to ensure that your spaces are efficiently and properly managed to support ever-evolving business needs of today and beyond. Products that will be featured include PanZone TrueEdge Wall Mount Enclsoure, Cable Managers, and Adjustable Depth 4-Post Rack.


Editor’s Pick: Featured Product News

Siemens: SIMOVAC Non-Arc-Resistant and SIMOVAC-AR Arc-Resistant Motor Controllers

The Siemens SIMOVAC medium-voltage non-arc-resistant and SIMOVAC-AR arc-resistant controllers have a modular design incorporating up to two 12SVC400 (400 A) controllers, housed in a freestanding sheet steel enclosure. Each controller is UL 347 class E2, equipped with three current-limiting fuses, a non-load-break isolating switch, and a fixed-mounted vacuum contactor (plug-in type optional for 12SVC400). The enclosure is designed for front access, allowing the equipment to be located with the rear of the equipment close to a non-combustible wall.

Read More

Sponsored Content
Electrify Your Enterprise

Power is vital to production, and well-designed control cabinets are key. Allied Electronics & Automation offers a comprehensive collection of control cabinet solutions including PLCs, HMIs, contactors, miniature circuit breakers, terminal block connectors, DIN-rail power supplies, pushbutton switches, motor starters, overloads, power relays, industrial Ethernet switches and AC drives engineered to keep your operations running safely, reliably and efficiently.

Learn more HERE.

Products for Panel Builders

  • LUTZE: Expanding LCIS Relay Product Portfolio

    LUTZE: Expanding LCIS Relay Product Portfolio

    LUTZE has expanded its electromechanical LCIS relay portfolio with 12 units offering additional changeover contacts. New additions to the product portfolio are the LCIS 2 and LCIS 3 relay series. LCIS 2 series has units with 1 or 2 changeover contacts, and the LCIS 3 series has units with 4 changeover contacts. All new relay… Read More…

  • MENNEKES: SPEC Grade Sloped-Top Disconnects Are Now Available in 200A and 400A

    MENNEKES: SPEC Grade Sloped-Top Disconnects Are Now Available in 200A and 400A

    MENNEKES has recently expanded its SPEC Grade Series of stainless steel motor disconnects to include 200A and 400A models. These units are the first on the market to combine these amperages in a sloped-top stainless steel enclosure. Compared to traditional knife-blade alternatives, these SPEC Grade units feature a UL 98 Listed rotary switch, providing a… Read More…